icelava.net


Authorization Manager with ADAM: 0x80070002

Last post 06-16-2009, 20:54 by icelava. 5 replies.
  •  07-12-2007, 12:01 1554

    Authorization Manager with ADAM: 0x80070002

    Authorization Manager (AzMan) is an incredibly helpful feature of Windows 2003 for any development team who seeks to deliver a solid and fluid security framework in their applications. I have experienced its benefits in a past project, allowing dynamic designation of roles and authorized tasks to manage an entire enterprise of users' rights to the system. However, that was not on a web front.

    In some upcoming projects, we stand a chance of re-staging AzMan as the bouncer for the ASP.NET web applications we are to develop. The catch, though, is we may not get permission to stash the AzMan policy store directly in the corporate domain. The obvious alternative is to get ASP.NET to refer to an AzMan store located in an ADAM partition. That tutorial was pretty straightforward to execute when I was using Visual Studio's file-based web site, with the built-in WebDev server running as my administrator account. When I took the next step of setting up the site to operate off IIS (5.1), it would bail when I tried to use the Roles class.

    System.IO.FileNotFoundException: The system cannot find the file specified. (Exception from HRESULT: 0x80070002)

    Despite me assigning the ASPNET account as an Administrator of the AzMan store, I could not overcome this error. I sought high and low for that divine revelation that would explain why ADAM had fallen from grace in this situation, and it was many days later that I obtained a subtle hint as to just what was serving as the road block.

    1. Open up ADAM ADSI Edit. (All Programs > ADAM > ADAM ADSI Edit)
    2. Connect to... the ADAM partition that contains the AzMan store. In my case, a DN of CN=Authorization,DC=group,DC=testdomain,DC=org.
    3. Once connected, it should expose a node CN=Roles. Click on it.
    4. The right pane should list three roles, CN=Administrators, CN=Readers, CN=Users. Right-click CN=Readers and select Properties in the context menu.
    5. The Properties dialog box will expose an Attributes grid. Locate the members property in it and double click the entry.
    6. Multi-valued Distinguished Name With Security Principal Editor dialog appears. Click Add Windows Account... and add in the ASPNET account.

    ASPNET, as the ASP.NET worker process, should now be able to read through the ADAM partition to access the AzMan store within.

  •  09-11-2007, 8:35 1921 in reply to 1554

    Re: Authorization Manager with ADAM: 0x80070002

    Hi,

     

    Thanks for the tip, you saved me some days of searching for a solution.

    I was testing on Windows 2003 Server with SP2 and had the same problem. The solution was to give read access in ADAM to the NETWORK SERVICE user, just as you said.

     

    Cheers,

    Stefan Hornea
     

  •  10-01-2007, 13:41 1989 in reply to 1921

    Re: Authorization Manager with ADAM: 0x80070002

    Hello!

    I hope someone is still following this thread somewhere! I've run into the same exact issue. When I log into my local machine as a domain admin and run the application that uses AzMan, everything is great. When I log into my machine as a Domain User, then I get the following:

    System.IO.FileNotFoundException: The system cannot find the file specified. (Exception from HRESULT: 0x80070002)
       at Microsoft.Interop.Security.AzRoles.AzAuthorizationStoreClass.Initialize(Int32 lFlags, String bstrPolicyURL, Object varReserved)

    Policy Url is as follows:

    msldap://MYAZMANSERVER:389/CN=EnterpriseADAMStore,OU=SecNetPartition,O=SecNet,C=US

     

    I added Domain Admins as a "member" in the Readers role, but still nothing.

    Any ideas what this could be?

     

    Thanks a bunch in advance

    Sergio

  •  10-03-2007, 7:59 1990 in reply to 1989

    Re: Authorization Manager with ADAM: 0x80070002

    Sergio,

    If I read your steps correctly, you still need to give Domain Users membership to the Readers role as well, else they won't have permission to access it.

  •  06-04-2009, 0:18 5751 in reply to 1990

    Find Error: Authorization Manager with ADAM: 0x80070002

    Hi dear

    I am Rohit Gupta.

    But when we use the ASP.NET application from the file system we have no problem, but when we run the ASP.NET application with http://localhost (IIS) then we got the error "System.IO.FileNotFoundException: The system cannot find the file specified. (Exception from HRESULT: 0x80070002)"

    Please help me.

    Thanks and Regards

    Rohit Gupta

  •  06-16-2009, 20:54 5790 in reply to 5751

    Re: Find Error: Authorization Manager with ADAM: 0x80070002

    Rohit, when you run the web application from the file system, I assume that is via Cassini, the Visual Studio development web server. When you develop as an administrator (which is almost always the case), your web application will run with all your administrator privileges. When you set it to run as a proper IIS web application you must grant ASPNET or NETWORK SERVICE (depending on which Windows/IIS version you use) the Reader role as defined above.
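
The Readers-role membership that this thread arrives at can be checked, and applied, from a script instead of ADAM ADSI Edit. This is an added example, not code from any poster: the server address and account defaults are assumptions, the partition DN is the one quoted in the first post, and the script relies on ADAM storing role members in the `member` attribute and accepting a Windows principal written as `<SID=...>`.

```powershell
# Added example: audit (and optionally grant) direct membership of the ADAM
# partition's Readers role for the web application's worker identity.
param(
    [string]$Server    = 'localhost:389',                                   # assumed ADAM host:port
    [string]$Partition = 'CN=Authorization,DC=group,DC=testdomain,DC=org',  # DN quoted in the first post
    [string]$Account   = "$env:COMPUTERNAME\ASPNET",   # on IIS 6 use 'NT AUTHORITY\NETWORK SERVICE'
    [switch]$Add                                        # without -Add the script only reports
)

# Resolve the account name to a SID; this throws if the account cannot be resolved.
$nt  = New-Object System.Security.Principal.NTAccount($Account)
$sid = $nt.Translate([System.Security.Principal.SecurityIdentifier]).Value

# Bind to the Readers role, a group object under CN=Roles of the partition.
$path    = "LDAP://$Server/CN=Readers,CN=Roles,$Partition"
$readers = New-Object System.DirectoryServices.DirectoryEntry($path)
try {
    $null = $readers.NativeObject        # forces the bind so errors surface here
} catch {
    throw "Cannot bind to $path as $env:USERNAME : $($_.Exception.Message)"
}

# Windows principals are stored in 'member' as
# CN=<SID>,CN=ForeignSecurityPrincipals,<partition>. Only direct membership is
# checked; an account that gets access through a group is not detected here.
$members  = @($readers.Properties['member'] | ForEach-Object { [string]$_ })
$isReader = [bool]($members | Where-Object { $_ -like "CN=$sid,*" })

if ($isReader) {
    "$Account ($sid) is already a direct member of CN=Readers."
} elseif ($Add) {
    # Readers grants read access to the partition only, which is all the
    # worker process needs to open the AzMan store.
    $null = $readers.Properties['member'].Add("<SID=$sid>")
    $readers.CommitChanges()
    "Added $Account ($sid) to CN=Readers."
} else {
    "$Account ($sid) is NOT a direct member of CN=Readers; re-run with -Add to grant it."
}
```

Run it as an account that administers the ADAM instance; the report-only mode is also a quick way to confirm which identities currently hold read access to the partition.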